Introduction

Headfry is a resource for home users. We simply do not have a hope of securing cyberspace without you.

Users of all stripes need to stand up and be counted.

Assail the vendors for talking down, and reward those that step up to the plate.

Of course we all have a role to play in security cyberspace, but we can’t be expected to embrace the need for a cyberspace users ‘drivers licence’ (the latest ‘suggestion’ making the rounds) when the road builders have not built us a safe road to travel on, nor supplied us with the tools to get to our destination in one piece, however carefully we drive.

They continue to resist attempts to hold them legally accountable for software that simply is not fit for the purpose for which it was sold, unlike most other commodities we hold dear.

But headfry’s primary mission is not to attribute blame, but to contribute to a constructive, well-informed dialogue for change.

And hopefully to have some fun in the process.

Because if you don’t laugh, you will cry.

November 10, 2004 - and regularly updated

Dummies of the world unite

You may not realize it, but according to great swathes of the media, you, the home user are the weak link when it comes to security. Yes, you.

(See my August 2004 column ‘Don’t blame it on the ‘dummies’ published in globetechnology.com for more on this topic.) read more

Well, that doesn’t seem very fair, you respond. I do my best. I just don’t know where to turn to for help and advise.

Hopefully, that is about to change.

Not because of this site (although we will do our best to be a useful resource), but because the IT vendors are finally starting to realize ‘they need you’. Yes. Every single last one of you.

You see they have a vision that computers will soon power almost everything we do. In their own quiet, unobtrusive way. We will barely even know they are there.

They will drive our cars, and fly our planes. They will manage our homes, monitor our children, spot and warn off intruders. High-speed Internet connections will make cheap Internet phone service, interactive TV, and appliances that can be monitored and restocked remotely a reality. The technology already exists, but it will take time to realize the vision.

Your TV gets a life of it's own

Microsoft recently (Nov.9 2004) launched new software for TV digital cable set top boxes in collaboration with Comcast (the giant US cable company). MS have spent a fortune on developing this product (called Foundstone - a carefully calculated 'inspirational' brand name) as part of its ambitious plan to 'own the home'.

But you won't be launching a space probe from your TV anyday soon - much of the recent hype just allows cable companies to provide more interactive TV guides- nothing earth shattering.

But just imagine how attractive the concept of their gear in every home gadget, especially the TV, is to the IT vendors - with revenue heading downwards and commercial customers less willing to spend for new upgrades and additional features no one understands, let alone uses.

So trust me, the vendors are licking their collective lips about the potential to sell gear for the home.

Who are ‘they’ you ask?

The list is long. The companies that supply the gear that will move the data. The chip vendors that sell the tiny microcomputers. The vendors that build and sell the complex software that makes it all useful and easy to use.

The vendors ultimately want you to be able to connect to the Internet from the TV and store music, files etc- they aim to make the TV a type of full service media console. MS already sells a box called MSN TV that allows you connect to the Net from the TV over broadband (a fast Internet connection).

So as they say someplaces, "it's all on".

And yes, as Constanza Snr. would say, they want "a piece of you".

Will your TV crash?

But they know you won’t bite and buy their lucrative vision for the future if you associate computers and IT with an ongoing security nightmare.

If exisiting operating systems (Windows, Linux, even the shining white night Apple Mac is not devoid of security issues) are anything to go by- we are in for a bumpy ride.

Just imagine- all those irritating pop ups and update messages, and viruses and spyware- coming to a TV near you soon.

What a truly hideous concept. You will not be reading everywhere about the potential for your reliable old box to become part of your ongoing home computer nightmares, but the prospect is real.

But that being said, I think it safe to assume that you may get a lot more respect from IT vendors, sooner rather than later. Whether it is mere lip service remains to be seen.

Resources and Help

The only problem is that despite the billions at their disposal, vendors can’t quite figure out how to speak to you.

Ever read those vendor ‘Help’ pages that you cannot even begin to fathom? Written in language so impenetrable, so tech infested, you have no idea even where to begin?

And what about the vendors who sell you solutions without any tech support, or force you to pay again to get help when you need it? There are lots of them, and many of them are in the security space.

Watch this section, and we will give you an idea of what to look out for, and how to educate yourself to be able to distinguish the good from the bad, and the bad from the just plain ugly.

And read about the issues in the space, such as under the Hot Topics section.

Walter Mossberg’s ‘Personal Technology’ column in the Wall Street Journal is also a great resource. He and his assistant review software products and high tech gizmos and always give it to you straight up. go to web page

We want you to become part of the dialogue to decide what vision for the future you really want to see realized. Or you risk having it defined for you. And crying over spilt milk.

We need to speak up; demand safe and secure products - and decent support, at a fair price.

Practicalities – How to help yourself

Check to see if your doors are open

The first thing you need to do is run a scan by Steve Gibson at ShieldsUp: go to web page

You will get to a grc. com home page. Click on ShieldsUp in giant letters on this page.

ShieldsUp is an excellent free service and will tell you whether you are protected in cyberspace. It scans to see if any ports are open on your computer.

Hackers are constantly running programmes to try to locate computers that have open doors they can walk through. Ports are simply doors or windows (access points) into your PC.

There is a lot of scary sounding text on the site, but unless you are very technical, just click on the ShieldsUp text on the black home page. Then click the button (under ShieldsUp!! Services) marked ‘File Sharing’ to run the first scan. Then try ‘Common Ports’, and finally (in for a penny, in for a pound), the ‘All Service Ports’ button.

What you want to see at the end of these scans is a congratulatory message telling you that you and your PC are in ‘tru stealth mode’, and hidden from the world. Rejoice if you get this message, as it is excellent news.

Anything else is almost certainly bad.

Why bother?

(Care to become a zombie?)

If you do not have a firewall running (a big lock on your door that also acts as a type of camouflage in cyberspace- it hides the fact that you and your PC even exists), hackers will be able to gain access and take over your computer, without you even knowing.

They can easily find out what operating system you are running (Windows/Linux are operating systems – they are essentially the command centres for your PC). They can then use their knowledge of vulnerabilities in these programs to attack your PC. Patches are programs the vendors release from time to time to close these holes.

Unfortunate souls in IT departments around the world spend a lot of time frantically patching holes - always barely one step head of the bad guys. It is no fun.

Some of the software vendors also make money selling ‘patch management services’, which could be considered a bit rich, as the self same companies are often responsible for the holes in the first place. But an excellent business model!

More about that later.

Bad people want your broadband

Hackers especially like homes with powerful PCs and broadband (cable or DSL) connections to the Net, as they like to commandeer as much speed and raw computer power as they can get their grubby little hands on.

Once they break in, they will then leave themselves a backdoor, or key under the mat, back into your PC so they can come and go whenever they want. They can choose to hide illegal material in your PC - such as pornography, illegal software (music files, videos etc), material they use for their hacking exploits, etc. Whatever they feel like.

Your PC may become their storage bin. Full of very nasty garbage.

It is unlikely you would find their stash, even if you suspected something was wrong. They are often very good at covering their tracks, and there are many thousand lines of computer code to hide in.

Being used for denial of service attacks

Hackers also like to assemble an army of computers they ‘own’. So the more open door computers they can seize, the better.

They want to create an army of ‘zombie ‘ (compromised) computers, sometimes called a ‘botnet’. Botnets are made available for hire to a raft of unsavoury types, such as organized crime, extortionists, and spammers.

These bad guys can then use your computer power and speedy access to the Internet to overpower commercial web sites, or to threaten to do so, unless they are paid off. This is called a denial of service attack (DoS). Even big and successful web sites can be overcome if too much traffic comes their way at once.

It usually means that the site cannot function, or slows down to a snail speed. Sometimes it gets so bad that no one is able to log on.

In severe cases, the people in charge may have to take the site down completely and work to get it back up and running as fast as possible.

Hackers in league with spammers, virus writers...

It is believed that spammers and virus writers are now in league with the botnet owners who are only too happy to carry out their dirty work for them- at a price.

The really bad guys are also attracted to the fact that mere kids often own many of these botnets, and if caught will be protected minors, and not subject to the full weight of the criminal law. They can hide behind them - let them take the heat.

The kids rarely know who they are working for – their ignorance protects their wicked puppet masters, should law enforcement come calling.

You can understand how devastating this type of attack is for businesses that depend on the Internet and their web site for sales – they can loose millions if they are down for any length of time. It can, and has, put small businesses out of business.

So it is important not to make things easy for the bad guys that want to use you and your PC to carry out such attacks.

Go hide- fast! And get help

Firewalls and anti-virus products

Assuming that ShieldsUp finds that you have doors open, you need to take action. And fast.

Research shows that an unprotected PC on the Net lasts a mere 20 minutes, or less, before it is infected by a virus, or taken over. So time is of the essence. Don’t dilly dally.

There are lots to companies that offer firewall software, such as the Norton suite of security products from the security company Symantec, as well as McAfee, Zone Alarm, etc.

Zone Alarm has a good free product (for non business use) that is definitely worth a try, especially if you are broke, but it can be difficult to handle, and I have found it can cause problems with Outlook Express and your email go to web site

My current favourite, however, is from Trend Micro read more

It is called PC-cillin and has the added advantage of combining anti virus protection with a personal firewall. So you get two products in one.

It is relatively easy to install (it can take a while, so be patient) and most importantly, it comes with free technical support- including 24 hour free phone support.

Get free support

If you read the fine print in most other anti virus and firewall products, you only get free email support. In many cases, you have to pay a hefty premium for phone support (billed by the minute or the hour).

Email support can be useless if your PC is taken out by a virus and you can’t access their automatic update services (the vendors may tell you this can’t happen, but it does).

In addition, it often takes them days to get back to you by email and by then you probably have gone completely mad, or bought a new PC.

So get anti virus and firewall products that come with free phone support. They are few and far between.

Getting nothing for nothing

Another thing to look out for are vendors that give you a free anti virus or spyware scan, but then won’t fix the problems found for you, unless you buy the product.

We will talk about spyware later, but an example that comes to mind is a product called Pest Patrol. It detects nasty spyware programmes on your computer. It is supposed to be an excellent product.

However, with a flair for marketing kamikaze, they will give you a free scan, but then look for you to open the chequebook before they will fix any problems found. Kind of like been thrown out of the car before you finish your test drive.

Needless to say, you cannot get a free trial either.

Come on guys- give us a free trial - or find it in your hearts to clean the problems you find in the 'free scan'.

If appealing to your empathy doesn't cut it - consider this - it' s lousy marketing.

In any event, once you have a firewall installed, run the ShieldsUp scans again and this time, you should come up smelling like roses.

What is Windows XP SP2?

Microsoft recently released an update for Windows XP called SP2. It will come your way (provided you paid for XP) any day now, but it is a big file (80mb) and without broadband access, may be to big to bother with.

Windows XP should be more effective at blocking nasty pop ups and it has a firewall enabled by default (it’s just there and on - you don’t have to do anything to get it).

You should be able to run an existing firewall without any problems if you download SP2, or so the story goes.

It won’t also help you if you have older versions of Windows, that are unfortunately riddled with holes. SP2 can also cause other programmes and applications to freeze or go a bit wonky.

Making choices

One of the peskiest problems with security is that it is a game of compromise, and making choices. This is in large part due to the way the creators built the Internet.

They simply did not have security in mind, and they assumed that everyone on their network was trusted and that they would rather cut off their right hand than hurt a computer, or a fellow nerd.

But alas, as the Internet went mainstream and opened it’s doors to the great unwashed, in they came, blight and all.

So the security designers and technical standard makers today are left trying to graft on security to a great big complicated octopus that is full term, feisty and none too willing to co-operate.

The long and short of it is that if you like to play games, download music and video files, and you are inclined to click on every dodgy looking email and ‘one time offer’ that comes your way, your security will suffer.

The ports we mentioned earlier may have to be opened to let these applications open, and bad things can piggyback in on top of them.

More on SP2 and making choices in a later edition. We will also fill you in on anti virus (AV) software and what to look out for.

Come again soon.